
The IDPS must capture and log alerts that contain detailed information for events identified by type, location, and subject.


Overview

Finding ID: SRG-NET-000080-IDPS-000077
Version: SRG-NET-000080-IDPS-000077
Rule ID: SRG-NET-000080-IDPS-000077_rule
IA Controls: (none listed)
Severity: Low
Description
Audit record content that may be necessary to satisfy the requirement of this control includes timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked. This capability is critical for accurate forensic analysis.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text ( C-43205_chk )
Verify that the log view setting can be reorganized to view the log entries by type, location, or subject.
Verify that the sensor logs categorize each logged event by, at a minimum, event type, location, and a description of the event.

If sensor log entries do not include, at a minimum, the event type, location, and a description of the event for each event captured, this is a finding.
Fix Text (F-43205_fix)
Configure the sensors and central management server to categorize each alert. Alerts will include event type, location, and a description of the event.
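The check and fix above both come down to one question a reviewer can automate: does every alert record carry the minimum fields (event type, location, description), and can the log be reorganized by those fields? The following Python script is an added example and is not part of the SRG or of any vendor's product. It assumes a constructed JSON-lines alert format whose key names (event_type, sensor as the location, subject, outcome, rule, and so on) are hypothetical; the sample records are constructed, not captured from a real sensor. It reports a finding exactly as the check text defines it, separately lists the forensic fields the Description recommends, and regroups the log by a chosen field to show the "view by type, location, or subject" capability.

```python
"""Check IDPS alert records for the audit content this requirement names.

Added example; the record schema below is an assumption, not a real
sensor's export format.
"""
import json
from collections import defaultdict

# Minimum content per the check text, mapped to the assumed record keys.
REQUIRED_FIELDS = {
    "event type": "event_type",
    "location": "sensor",        # where the event was observed (assumed key)
    "description": "description",
}

# Additional forensic content listed in the Description section.
RECOMMENDED_FIELDS = {
    "timestamp": "timestamp",
    "source address": "src_ip",
    "destination address": "dst_ip",
    "subject (user/process)": "subject",
    "outcome (success/fail)": "outcome",
    "rule invoked": "rule",
}

# Constructed sample log (JSON lines); addresses are documentation ranges.
SAMPLE_LOG = """\
{"timestamp": "2012-03-08T10:15:02Z", "event_type": "signature", "sensor": "dmz-sensor-1", "src_ip": "203.0.113.5", "dst_ip": "192.0.2.10", "subject": "www-data", "outcome": "blocked", "rule": "sid:2000001", "description": "HTTP directory traversal attempt"}
{"timestamp": "2012-03-08T10:15:07Z", "event_type": "anomaly", "sensor": "core-sensor-2", "src_ip": "192.0.2.44", "dst_ip": "198.51.100.9", "description": "Unusual outbound byte volume"}
{"timestamp": "2012-03-08T10:15:09Z", "sensor": "dmz-sensor-1", "src_ip": "203.0.113.77", "dst_ip": "192.0.2.10", "description": "Port scan"}
{"timestamp": "2012-03-08T10:15:11Z", "event_type": "policy", "src_ip": "192.0.2.12", "dst_ip": "192.0.2.10", "subject": "svc-backup", "outcome": "allowed", "description": "Flow permitted by rule 42"}
"""


def parse_log(text):
    """Parse JSON-lines text into a list of alert dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def missing_fields(record, spec):
    """Return the readable names of fields in spec that are absent or empty in record."""
    return [name for name, key in spec.items() if not record.get(key)]


def assess(records):
    """Apply the check text: any record lacking a required field is a finding.

    Returns (is_finding, {index: missing required}, {index: missing recommended}).
    """
    findings = {}
    gaps = {}
    for i, rec in enumerate(records):
        required = missing_fields(rec, REQUIRED_FIELDS)
        if required:
            findings[i] = required
        recommended = missing_fields(rec, RECOMMENDED_FIELDS)
        if recommended:
            gaps[i] = recommended
    return bool(findings), findings, gaps


def group_by(records, key):
    """Reorganize the log view by one field (event type, location or subject)."""
    view = defaultdict(list)
    for rec in records:
        view[rec.get(key, "<missing>")].append(rec)
    return dict(view)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    is_finding, findings, gaps = assess(recs)
    print("FINDING" if is_finding else "NOT A FINDING")
    for i, miss in findings.items():
        print(f"  record {i}: missing required {miss}")
    for i, miss in gaps.items():
        print(f"  record {i}: missing recommended {miss}")
    for location, group in group_by(recs, "sensor").items():
        print(f"{location}: {len(group)} alert(s)")
```

Run against the sample, records 2 and 3 produce the finding (no event type, no location respectively), while records 1 and 3 only lack recommended forensic fields, which the check text does not treat as a finding on its own. Pointing the same logic at a real export means replacing the key map in REQUIRED_FIELDS and RECOMMENDED_FIELDS with the product's actual field names.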